Occasional Visitor
kirankonjeti
Posts: 1
Registered: ‎11-21-2013
Message 1 of 2 (583 Views)

Does WebInspect Support Testing Post Back Frameworks Like JSF/ADF

Hi,

Can you please let me know whether there is any document that details whether the tool (WebInspect) supports Post Back frameworks like JSF/ADF?

Thanks & Regards,

Kiran

Respected Contributor
HansEnders
Posts: 585
Registered: ‎07-01-2008
Message 2 of 2 (543 Views)

Re: Does WebInspect Support Testing Post Back Frameworks Like JSF/ADF

I am unsure of the full coverage, but WebInspect already includes a scan settings template for ADF Server Faces, visible in the scan wizard.  This drops in customized settings our developers have identified for that sort of environment.

 

While it does not name JSF or ADF, the Release Notes for 10.0 (and 10.10) do indicate advancements in our scripting engine that may apply.  The only caveat I know for this is that if you happen to be using an older, saved, scan settings file, this new JS engine will not be enabled in your scan.  You must enable it yourself within the scan settings, at the bottom of the display screen for the Content-Analyzers panel > Javascript.  New, fresh scans in WebInspect 10.0 or 10.10 should have the new engine enabled by default.

Source:  Release Notes (English) - https://download.hpsmartupdate.com/webinspect/WebInspectReleaseNotes.htm

 

<<

Enhanced support for modern applications

 

The technologies used to build modern, "Web 2.0" applications are continually evolving. More and more web applications make use of extensive JavaScript frameworks and AJAX for core capabilities, significantly expanding the attack surface of applications and increasing the complexity of testing them. The dynamic nature of modern applications makes it a challenge to automatically crawl and therefore properly perform security tests.

 

HP WebInspect 10.0 responds to this challenge by introducing Adaptive Component Recognition (ACR). Instead of indiscriminately "clicking" hyperlinks and blindly processing interactable elements, ACR technology recognizes structural patterns in a web application to organize it into logical units. For example, instead of simply analyzing a page for hyperlinks, span, and div tags with associated script events, these elements together can be recognized as grid controls and list controls. Furthermore, they can be recognized as controls for specific frameworks like jQuery and extJS, enabling a better understanding of the application and ultimately resulting in the most comprehensive application security analysis of your applications.

 

Enhancements for specific frameworks and components include JQuery (multiple versions), Ext-JS, ARIA, and DOJO. The ACR capabilities include detection of frameworks and are automatically performed as part of using WebInspect; no additional configuration is needed. ACR more accurately processes the content of web applications and finds more locations that are potentially vulnerable to attack. Note that performing more attacks can result in scans taking longer to run.

>>


-- Habeas Data